1.2
低危
DACN
0.12
FACILE
1.00
IMCLNet
0.74
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Heim | 20190924 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_100% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20190924 | 2013.8.14.323 |
| McAfee | GenericRXHX-CC!F1986DBD5A3A | 20190924 | 6.0.6.653 |
| Tencent | None | 20190924 | 1.0.0.1 |
静态指标
可执行文件包含未知的 PE 段名称,可能指示打包器(可能是误报)
(1 个事件)
| section | .imports |
动态指标
可执行文件使用UPX压缩
(2 个事件)
| section | UPX0 | description | 节名称指示UPX | ||||||
| section | UPX1 | description | 节名称指示UPX | ||||||
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
文件已被 VirusTotal 上 50 个反病毒引擎识别为恶意
(50 个事件)
| ALYac | Trojan.Downloader.JUSI |
| APEX | Malicious |
| AVG | Win32:Heim |
| Acronis | suspicious |
| Ad-Aware | Trojan.Downloader.JUSI |
| AhnLab-V3 | Backdoor/Win32.RL_Hupigon.R285217 |
| Antiy-AVL | Trojan/Win32.Tinba |
| Arcabit | Trojan.Downloader.JUSI |
| Avast | Win32:Heim |
| Avira | HEUR/AGEN.1036241 |
| BitDefender | Trojan.Downloader.JUSI |
| CAT-QuickHeal | Trojan.GenericPMF.S7439967 |
| ClamAV | Win.Malware.Ursu-7056727-0 |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_100% (D) |
| Cybereason | malicious.d5a3af |
| Cyren | W32/Tinba.M.gen!Eldorado |
| DrWeb | Trojan.PWS.Tinba.657 |
| ESET-NOD32 | Win32/Tinba.BF |
| Emsisoft | Trojan.Downloader.JUSI (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/Tinba.M.gen!Eldorado |
| F-Secure | Heuristic.HEUR/AGEN.1036241 |
| FireEye | Generic.mg.f1986dbd5a3af6ec |
| Fortinet | W32/Generic.AP.2DF2B2!tr |
| GData | Trojan.Downloader.JUSI |
| Ikarus | Trojan.Win32.Crypt |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.dvxtx |
| K7AntiVirus | Trojan ( 004b6a801 ) |
| K7GW | Trojan ( 004b6a801 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=86) |
| McAfee | GenericRXHX-CC!F1986DBD5A3A |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.cm |
| MicroWorld-eScan | Trojan.Downloader.JUSI |
| Microsoft | TrojanDownloader:Win32/Dofoil.AC |
| NANO-Antivirus | Trojan.Win32.Tinba.epyuvs |
| Panda | Trj/Ransom.BH |
| Rising | Backdoor.Hupigon!8.B57 (TFE:3:yvCMBfJhsII) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Mal/Tinba-AG |
| Symantec | ML.Attribute.HighConfidence |
| TACHYON | Trojan/W32.Agent.112768.B |
| Trapmine | malicious.high.ml.score |
| VBA32 | Trojan.Tinba |
| Webroot | W32.Trojan.Gen |
| Yandex | Trojan.Tinba!GN0WLVEgVTw |
| Zillya | Trojan.Tinba.Win32.9023 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2015-01-29 16:25:51
PE Imphash
fc3bae53ebbec53f821d8cc741d4579e
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00010000 | 0x0000f600 | 4.8957048263137155 |
| UPX1 | 0x00011000 | 0x0000b000 | 0x0000aa00 | 5.65815268907495 |
| .rsrc | 0x0001c000 | 0x00001000 | 0x00000800 | 3.3988591477861894 |
| .imports | 0x0001d000 | 0x00001000 | 0x00000c00 | 4.434423686230836 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_ICON | 0x00018290 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_GROUP_ICON | 0x00018708 | 0x000000ae | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
| RT_VERSION | 0x0001c2fc | 0x0000033c | LANG_NEUTRAL | SUBLANG_NEUTRAL | None |
Imports
Library KERNEL32.DLL:
• 0x407008 AddAtomW
• 0x40700c FreeConsole
• 0x407010 GetCurrencyFormatW
• 0x407014 IsProcessorFeaturePresent
• 0x407018 CreateEventA
• 0x40701c OpenFileMappingW
• 0x407020 LocalHandle
• 0x407024 HeapSize
• 0x407028 MulDiv
• 0x40702c WriteFile
• 0x407030 GetTempFileNameW
• 0x407034 SetLocaleInfoW
• 0x407038 DosDateTimeToFileTime
• 0x40703c EnumLanguageGroupLocalesW
• 0x407040 CreatePipe
• 0x407044 GetPrivateProfileSectionNamesA
• 0x407048 SetConsoleTitleA
• 0x40704c CancelDeviceWakeupRequest
• 0x407050 GetVolumePathNameA
• 0x407054 GetProfileIntA
• 0x407058 GetDateFormatA
• 0x40705c DebugBreak
• 0x407060 SuspendThread
• 0x407064 SetCommMask
• 0x407068 EnumUILanguagesW
• 0x40706c MoveFileWithProgressA
• 0x407070 BackupRead
• 0x407074 GetNumberOfConsoleInputEvents
• 0x407078 GetLongPathNameA
• 0x40707c FreeLibrary
• 0x407080 GetFileAttributesW
• 0x407084 EnumDateFormatsA
• 0x407088 QueryDosDeviceA
• 0x40708c UpdateResourceW
• 0x407090 WritePrivateProfileStructA
• 0x407094 lstrcpynA
• 0x407098 GetExitCodeProcess
• 0x40709c GlobalAddAtomW
• 0x4070a0 GetShortPathNameW
• 0x4070a4 UnlockFileEx
• 0x4070a8 SetComputerNameExA
• 0x4070ac GetExitCodeProcess
Library GDI32.dll:
• 0x407000 GetDeviceCaps
Library mscms.dll:
• 0x407140 GetColorProfileElement
• 0x407144 UninstallColorProfileA
• 0x407148 AssociateColorProfileWithDeviceA
• 0x40714c EnumColorProfilesW
• 0x407150 GetStandardColorSpaceProfileW
• 0x407154 DisassociateColorProfileFromDeviceW
• 0x407158 GetStandardColorSpaceProfileA
• 0x40715c SetStandardColorSpaceProfileW
• 0x407160 DeleteColorTransform
• 0x407164 GetPS2ColorRenderingIntent
• 0x407168 SetColorProfileHeader
• 0x40716c TranslateBitmapBits
• 0x407170 CreateColorTransformA
• 0x407174 ConvertIndexToColorName
• 0x407178 CreateProfileFromLogColorSpaceW
• 0x40717c RegisterCMMW
• 0x407180 GetColorProfileElementTag
• 0x407184 GetColorProfileFromHandle
• 0x407188 UninstallColorProfileW
• 0x40718c CreateMultiProfileTransform
• 0x407190 GetCountColorProfileElements
• 0x407194 InstallColorProfileA
• 0x407198 CreateColorTransformW
• 0x40719c CheckColors
• 0x4071a0 SetColorProfileElementReference
Library msvcrt.dll:
• 0x4071a8 iswprint
• 0x4071ac _wgetenv
• 0x4071b0 srand
• 0x4071b4 strtok
• 0x4071b8 iswupper
• 0x4071bc tolower
• 0x4071c0 fputs
• 0x4071c4 _swab
• 0x4071c8 wcsncpy
• 0x4071cc _fputchar
• 0x4071d0 iswctype
• 0x4071d4 _strupr
• 0x4071d8 bsearch
• 0x4071dc _strnicmp
• 0x4071e0 memcmp
• 0x4071e4 _wspawnl
• 0x4071e8 _abnormal_termination
• 0x4071ec _rotl
• 0x4071f0 _flsbuf
• 0x4071f4 isdigit
• 0x4071f8 memmove
• 0x4071fc _isctype
• 0x407200 isalpha
• 0x407204 isgraph
• 0x407208 _wspawnvpe
• 0x40720c _wexecve
• 0x407210 _wcslwr
• 0x407214 _wcsrev
• 0x407218 fputwc
• 0x40721c _fcvt
• 0x407220 _ultoa
• 0x407224 tmpnam
• 0x407228 _wcreat
Library ole32.dll:
• 0x407230 OleCreateFromData
• 0x407234 HWND_UserMarshal
• 0x407238 CreateAntiMoniker
• 0x40723c CoInitialize
• 0x407240 CoSetProxyBlanket
• 0x407244 CoDisconnectObject
• 0x407248 ReleaseStgMedium
• 0x40724c HGLOBAL_UserSize
• 0x407250 PropStgNameToFmtId
Library WINMM.dll:
• 0x4070b4 timeSetEvent
• 0x4070b8 waveOutOpen
• 0x4070bc midiConnect
• 0x4070c0 midiOutSetVolume
• 0x4070c4 mmioOpenA
• 0x4070c8 mmioWrite
• 0x4070cc DrvGetModuleHandle
• 0x4070d0 mciGetDeviceIDFromElementIDW
• 0x4070d4 waveOutGetErrorTextW
• 0x4070d8 joyGetPosEx
• 0x4070dc mixerSetControlDetails
• 0x4070e0 joySetThreshold
• 0x4070e4 mmioRead
• 0x4070e8 waveOutGetDevCapsA
• 0x4070ec DefDriverProc
• 0x4070f0 mmioDescend
• 0x4070f4 mixerGetLineInfoA
• 0x4070f8 mciSendStringA
• 0x4070fc midiOutClose
• 0x407100 midiInGetDevCapsW
• 0x407104 midiStreamOut
• 0x407108 mmioSetBuffer
• 0x40710c midiInClose
• 0x407110 waveOutReset
• 0x407114 midiOutPrepareHeader
• 0x407118 waveInGetPosition
• 0x40711c GetDriverModuleHandle
• 0x407120 mmioGetInfo
• 0x407124 midiInMessage
• 0x407128 mciGetCreatorTask
• 0x40712c auxGetVolume
• 0x407130 joyGetDevCapsW
• 0x407134 waveInGetErrorTextA
• 0x407138 mixerGetLineControlsW
L!This program cannot be run in DOS mode.
.imports
]fffff.
USWVHE
EufErE
uE9t:EM
MU0UMMfu
t8EfMf
fMfMff
fMfMf *fME
+EEfMf
0^[]USWVTE
f]MUu}EE"fMf9
Uf2f}ff)fufuf]
U9|NEfM
(EfMff1fM
UUf}ff!f}
UT^_[]ffffff.
EfE^]E
MME9Etplh~0xE
|U+EEEE
EMfUff!fUt#f^MUUfut
Mf)fEEMU
]ffffff.
@0EfMfWfM
Ew@0EEfMfLEEfM ]f
UffzfA
^_[]ff.
U;MtcE
MEu+EEM/E
$EEE/@4M
EfEH@0MA
]ffffff.
EE2aEM
ufEx}fE@E
ME|xtp
A`EE@dE
M|MEfEXM;A
"MfufBfu9u
fME<EMfUf
EM*EEbEM
t9Eu.EfMfHSfME
fMff1fM@f
MMfufWsf+Efu
MMMfEMEM
USWV<E
Ef+MfMfM
Eff1fM(
fuff!fu
<^_[]f
t$Lt$LD$|
|$|D$[wD$K
\$KD$t
D$<D$hD$T
|$,fD$*\$)t$$v
D$pD$\D$\x
f+t$Df|$`t$Df|$b
$/L$,9u6f$
D$pD$T
T$[_T$[
*D${D$ b
T$\D$l$
\$ \${
L$$9t1D$t$
T$TL$T1L$TD$p
D$DD$D9
L$DL$t
D$pe^_[]
USWVTE
]fE2RE
]MUu}u.
U+EEE9ucE
MI<UfufLUfu
u)f}ff!f}
T^_[]f.
.^fEUL
Ef+4]f^}EU
tf+^f.fJp
fJ^ff!
U+MRD]M
L:Uf4f)JT
)fzT:f4f0rf4}
WLf)fz
)fzfnfzL9Uf.JPM9
uf4p+88fJf%|nfJEf|f+4U1
U]f^f4f
]5FM*EE
U*MMf+.fufH
f^f.9u9
f+JufJ+Ef4fQfMVLEE
U+M]0]M9u
Jxf+.fzf
USWV8E
M9A<U~2EE
f]+EEf)fM
8^_[]ff.
ME9uUt)E
USWV<E
EE\El<^_[]f.
HEfEzn
ufUf!fU
MEMU U
d@(hd@
uhuf}f
ff-Esbsfff)f}9t!
MfUff)
MfUf+Ef4EfEfU
PU?U[ [
MUEE1E] ]s(
EEfEiE
MMxtplhkE}
u+M)EMM
MMMUuvP}]
MfUff!fU
@4M+A4EME
USWVxE
fEzMEEfE_E
EfEf1fEf)fG
EMiEMUu}f]f=*EEMM!
FTu4$T$
MEx^_[]
tPMtE&E
,+*$ NE
EMfUff
EM89Eu)+$
EfM||fw|fM8
TTM1ME@
xU)x>+E
MfUff1fU+l+||lE
UM+EEE
U*Mf+EfEM
EEfECE
E\0,($
\uwZ}1
wX)*wXwS4`SMD9
lUuf}fYf}6$!+E
+hh+dd
MCEd!dE
0wd!MEME
fEy7Ef
lE@0fE1;E@$E
dE@4`E@8\EXTXH
MI(HME
t0@fff
f0u;F8th
0Ep?fE0
MI4@MI t
f+6f6xbX
D(P#D9
LUfTU,(
XfMf+#fM
MIP8MITM
M;*?IHM
m3?]USWV8
#tD$D$
,7D$0D$P$
L$,L$0
\$(|$$T$ t$
(ff!f$
e^_[]fff.
$L @Ef
E4|wM|](
}Mfuff)f}8
wMUffff
ffUfuff!fu1
wffffff
^_[]f.
fE[-UE
uER]fEmy]E
UM9t,f
fMff+UfUf+EfV
Mf+EfE
8^[]ffff.
C[aztrYjI(_]b@Q~j%4QwHY)K
Nfxp1J}
/`pl'v
lsEN\J
zzXfW-gX_
1:mXGk
arp-xn7,g+
B_C.KlU]_ 1|Lo]I.
R3C L.1}0]q SbN|
|vs>&eu
:mu#VC&40e3Qgz.
5xwmIf
w|,y5Y{
QyQD?7
-AUg<H[-8M
54=eJ
>PVA4fS/`;/
dKu{ojn
6_x]Uh]
NJvA7rR7%i)8Ks
W<2P'rB
|2iR1T
1_8om/zy}G[
tCTmGpjW36|y}:p|V
{fWNyd;6Qq?
hItFv@b2,#7z
n1ljaU
aZ{y2c~W4
PoxO~iXm
NsK,e]jLcH]L~DV'J</
kZnAC||9,jj`iBg
zU5>e1r?g
N+_eF#{Db0hoL_ZF7~T
|QH5yg
\*:X7c4[~^(vy
jmMkjWg
bjdj,S%7
;:$mlzYVRbh
`U>M)+
Vi:\s}#
-3YZA6N9Zd$W`-"*
Li< %dK<kB
]R%#Prr EV
9.GBso=i\}m
"VaB~Y_{WdT9fZ
FXSLu1cz]Hond2gQ
T45Xr/n
qtq|kuR
h! a{gvE-5
q #{H=
uJ}ARwc
UX!I2/
3/Lh^9sPgx0
&PIKs5
dFm9zE+
Sm)gF2O@
a&]PR!A[RH0'6`:B3ljqYh;txJtz>
DC^YA^ `Zf
\C@BvpLnWV<
GmBj~q
9'@]C[=Of
@QHpCW
CAd3yr^tS
B%LR1O
5MgV&:5O>F`GlYd
`hXr-a
#ZUpjuZn7)|:;
-_6`*S9`uF@|{X
RZV-jiTzXa@{
!mc<Me
H#}^Jw/\-]
k:eI/TJi
:JMp$
in3f-
:==ut5
HPJhx=5
srSa2h
jY\mjQ
[r@ UZKy<qL
u!1o:=V
(>q@gjoPs$h$Sbog
sTeXM;b
|E\p4B\Tcv_Au
YFsuIdb_
r9*UyO"3i_i-
pmp<RzFC
n34Az"Y[o45L;\-
DUvo\os
j?Dl[{'KeU
q6"uB1'_N8gmS
Q|Y[X^\{2'%e
kkXkcb*
W]r$uwYV
xwNnrk45UyX
(ZOyKDu
+ n|tkWr1U
%J>k2\xc
O;C9z[
xs%vR$]kVlMhOb@,uZ
|sP)ATf
7QXcO%k
l8E+R>E
MS>E`Qmj(
vby`yaziGc
]{T\kuQ_H
ri)QPq
M%b 8%T==iSU
(L*t@{
W}4#h81
Ol$^SPV
-Jol>aGX(
R|)Qxzp[P{:!@wCW
9^Hrna
= Omj@"^sDw
2Z!Xpx;:Z_c'e3n1
LHek@vLv
v'9K}6
53=2fU_3
l"(vYV8
4trf_ba
cBq2Rq
1w>`\p{Nn
xo{[Ach~
kpg_H<P
[TLfFS_
j`y#L0R
=X=28W
iu-%M)J
wdFA0TX
G!|C-$y
DX!v R$K%CRf
<MUh_d
@ez)@Q;K
ISU>pg 9
uU*db8b?R|[nd<y2
Gb{MY6]ng%JdR
MJ2molB
a5fpIp&
:sp/#_k3
Xh&~[L
"lg}0'qLwJ?FG
/KAJUr
U3F}M8?
sXpE_78C]
}&nXuL2
3w9[5r
99^ #Q
%hc*hBmOI!KM/,
lNU(~S
]aD@O2Gmg<#AYhw,#o
Lw0gM!9'WxU}ytfk3
,3^_hcX
!lhqg (a
Z/4wc>$
A@6hk!
RQM[D/St
KEdSSb
9"OfUm
keZwHz
8)Uj9}o rvGuwl
=S84v"
B^|$r>hFk|k
M|{+Do
O6l/elNpSO
~jvo[O~
r<cpa(Ah5-t`er
xj(t5Q ux
vWvoGO!Xn,11
ZV]A{orh
l_a9wP
dyPcL0R
UIR;y'
8\l@XQV
IKq94fev
/oiio4
hRE<qj:w
|_et\k12l
ooDshi
>/i)qd]O+Y=
zQmq9)|
FfnVJlP4
)[dVH'
E;YSkth
q'euU7@Ri{7~
OeT2Cqq
4#Lo~%n(rZ0F
7Erlr:L
{mj>g 3U
VnJCP`
6Ba{IKR
1a7Z1z3
1\$K2i9
oarg`n=ZJm0W8ZV+JkJ}0
o2%)k"
z\>Nt'
t1-\A/*
phFj9V92q|Bk
$=IJysg
kcUC#tv
<0k@aY
nX9QUZyeaRYVOinAJ
nG#">Q
|ZiXN}s`0`@~
p@EBuj
<,"5EU
r[+k$1tYv;m?4n
v|vyHqX\
IfRIn4
vy,X+~
@z].LhS
yJ9(/A]QrEbEx
/]2iIi
|B7I_vb(m4%%
XX/A|w
K0a\?J
Yy@^x|NGBd
sRdl\q
'UVFf7HFY)-
i7[mO7.2qS.,sk
vj/P*8
meYO0Nh`Xuc
,Q 1di
/5{Sluc
K1|Yf1PSe
= u/9=JjQ?}4
!m%y]Y4Zn,.E<"
j%55oHP=bFnN{Vl
vong?4
-G//dP
/~mc*!f
fw-L ! oz5Jnk~
g<@@0YoByl
e]KJQm
ftak~0C
.?35Xua
"x1umlFj
*EfUW8_p}uH
'q~m.(
G8TQJo
`D(4JQ
I5MX9%EHo
I+w@\\%D
0'e@0j`f
Y\3ID@@
@4zY9||f
4-8#Yu
|(Q_-4kMs
"K(*9ux>4M
`y0CLkBeN
`nB5ZUg>,
iubCQ~j)4QwGX)K"I(_]b@Qj%4QwHY)KjI(_]b@Q~j%4QwHY)KjI(_]b@Q
jI(_]b~jq5Rwo
jI(_]b@Q^j45\xI)
jI(_]b@Q~j%DQwHi)KjI(_]bQ~
zI(__b@R~j%4QwH^)KjI(_]bQ~j'4Q
Z)MjI(_mb@Qj%4QxHY)KjI(_]r@Q~j%4QwHY)KjI(_]b@Q~j
jI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4
jI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4QwHY)KjI(_]b@
QwHY]KjI8_]btQ~j'
jI(_]b@Q~j%4QwhY)jI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4QwHY)KjI(_]b@Q~
jI(_]b@Q~j%4QwHY)KjI(_]b@Q~j%4QwH{jI(n
%5~j{(OY
@14` ,X
A7W){jI_]
}g:j1*_]
69HY)`zGb@QV9HY)*
r(~j%D
]b@zW5
p =j9j%4wY)t$dhI'u
AL&#Ui%
Y(J.P}
iZGDa?P\
_),4-oC0(G=
SiT)'xT
|lf]^n
$nz|n~o
C>pT>v7+-
3M+ Pp5S
;^1nH\
xSIwwzQ:v{Ef*:U
[7v:bx
N,LQGF
_9>rQel7
r3u3^*G)d
!7z}bDy(e
sVT7[L
^W@]29G
V"(1$&Y
+?=:aoEA*LhN1
`^5i_@Ga&(>*
rilumGd/9
s+aUue\y
w$!TR}7
9S_NUx,
"uH@KN
U^bnqH%Gbtr"m]H*
j@JlRxY(Yn:@%]
Ytb@^o|YW+@
YZz@nki7
s'@vfYZ@]d
Yyi@~gxY
)y:GQ.*)JtsQR)RtQ
B%'fJ!
<%`Iziuw%QI_
|`_cgs
_uH=Qb8
}_qc4=Q
mxK*iYq~0q4K
XfYYa`@\mmEYMtf
YK]jgiw{aL]2w
G][`\[wD
]bjHEb
b9hH]X
bs#xHxb
Dbf'j[H}|Ub
~%F_J3K
E|jD4pwgYHKIG_|bp~%SQHx)jjK(
333333333333333333330
p88wwwwwwwxwwwwwwwwwwwxwwwxwwwxwwxxwxwwwwwxwwwwwwxxwxxwwxxwwwwwwwxxwxwxxwxw
xwwwwwwwx
vhvfwhfhh
3333333333330
p7sxwwwwwxxwwwxx
xwwwxxxxxxwwwwxw
xwxxww
333333333307sxxxwwwwwxxxxwwxxxxwww
xwxwwwww
3333330xxwwwwxxww
xwxwwwwx
|GiiG||4
------
YYYYY3)3YYYYii@
`iiiiiiiiiiiiiiiiiii
MTiiiiiYYY33iiiiiiL@M
ziz-!``Tmw
iiiiiiiziiiiiii3s3iiiizzzzz
C Tzzzzzz
zzzzzziii3sszzzzzzzzzzzzzT
zzzzzzzzzzzzzzzzs
zzzzzzzzzzzzz`
zzzzzzzzzzzzzzzzz
UzzzzzzzzzzzzzzT
zzzzzzzzzzzzz
zzzzzzzzzzzzzzU5zzzziiiiiiiiiL
p?wiiiiiiiizzz5*iiiiiiiiiiiip;6
iiiiiiiiii*[3iiiiiiiiiiiic;\H
;;wiiiiiiii3[[3iiiiiiiiiiii-QiiiiiiiiiiiL
iiiizjf
iiiiiii3[X3iiiiYYYYYYYYYz!TTTTTT
YYYYYYYYY
"YYYYiii3X&3YYYY
YYY3&&3j`
#MMD]L
}1R}.7z@@zu0ZRRSz@i((((((((((((((K>(N+RI((((((((((((((((((i
i((((((((((((((V.((((((((((((((((((((i
i(((((((((((((((guZ=
(((((((((((((((((((ii(((((((((((((((=
($1=((((((((((((((((((iY(((((((((((((((($O
(((((((((((((((((Y
Z$gwjjjjjjjjjjjjjjjjjjjjwg$ZZ.jNNj.ZJ]+
+]J8gwjjj
jjjjjwg8
rjjjjw\
5wwwwar<P@+
%@wwwowwwww55wwwwws
(;wwwwwwwww5E\++++++++%
U++++++++++\Ef\++++++++|4D
>OUs@@z
+++++++\f=\wwwwwwwKlrBkkB7
U6Kwwwww\=t5wwwwwwwKWR%2&&2O
w;rwwwww5t
5jjjjjw@s
1s+jjzjjjjj5
jjjjjs;hh
jj;jjjjj
jjjjj@6r0
PP%d(jjjjj
r|NNNNNNNNN}
AVNNNNNNNNN|
'C:LQ|
+_p[MLHN+
w,,,,,,,,,
QL,,,,,,,,,,,,w
<w,,,,,,,,,
}',,,,,,,,,,,w<j,,,,,,,,,,'n)3nn~,,,,,,,,,,jj,
TTTTTTTTTTTTT
xqTTTTTTTTT
TTTTTTTTTTTTTT^TTTTTTTTT
TTTTTTTTTTTTTTT{iTTTTTTTTT
,TTTTTTTTTTTTTTTTTTTTTT,m,,,,,,,,,,,,,,,,,,,,m
]]]]]]]]]]]]]]]]]]]]]]]]]
T# /////
/&7$$H///
333O"B
@@OG0O@@@@
@@@@O0
.....@3?
@......
......
4@......
LLLLLLL
LLLLLL
LLLLLLLLL
LLLLLLLL
X6N]WWWWWWWWWWWWWWWWWWWWWW]
!!!!!!!!!!!8
! +%
:'''''''''''''':
mW73mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW7mW73
nX9foY:oY:nX9f
pZ:!q[;q[;pZ:!q[<x
q[<xr]>r]>t^?{m~_}_}_}_}_}_}_}_}^ds
t^?v`Atjd{\{\{\}^}_}_}_}_}_}_}_{]{\{\yZ}_gqv`AwbCqyZuUuV}`l
i}`}_t
wbCydEx{]sSc
iydE{fG
{fG}hJ
qwYoOoOoOoOoOuVe
jLy\nNpQwZ
cnvq~bwZpPnN
dplNnQnQpS
pSrV|_lLlLlMuXuWuWtWpPlLlLlLwY~
rVuXlL
yqSuXw[lLw[y]
zoOvy]|`sih
qRpP|`~cqSmNqT
oQoP~ceik
z^vXeh
hzkpRr
g3psNC6
h%ysu_
s{E u0V u_Z#x*|KI
(z&yy4+}7:1e~6
nX9@nX9
nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9nX9
pZ;@vfNvvvfNpZ;@
r]>@vfOvfOr]>@u_@
wjeffgfffl|
wbCzeFhsSd
zeF}hJr
cy[rSsUwYy\lkMnQ
qTuXpg
dfh}b}buXx\t
lqx\|`
dvz]oo
lpJ)z9pt>yh
hBtxe3
nx|&wf
ll| tD
oG>K!tKI^'x{g~)y@
pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:pZ:
s]>wws]>v`Bv`BzdFzdF}hJ
yc______cy
}hJlOjjlOqT}ayXyXfqTuYuYz^xfyXaayXf}^z^
_iii|\j|\iomwotr5?stz:u
r\=hr\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=r\=hwaB
waB|fH
nnnnnnn|fHlOlOrVgyXyYyXg}^rVy]
~_y]dzY}]h{[zYhzYdl$vlt3
AddAtomW
FreeConsole
GetCurrencyFormatW
IsProcessorFeaturePresent
CreateEventA
OpenFileMappingW
LocalHandle
HeapSize
MulDiv
WriteFile
GetTempFileNameW
SetLocaleInfoW
DosDateTimeToFileTime
EnumLanguageGroupLocalesW
CreatePipe
GetPrivateProfileSectionNamesA
SetConsoleTitleA
CancelDeviceWakeupRequest
GetVolumePathNameA
GetProfileIntA
GetDateFormatA
DebugBreak
SuspendThread
SetCommMask
EnumUILanguagesW
MoveFileWithProgressA
BackupRead
GetNumberOfConsoleInputEvents
GetLongPathNameA
FreeLibrary
GetFileAttributesW
EnumDateFormatsA
QueryDosDeviceA
UpdateResourceW
WritePrivateProfileStructA
lstrcpynA
GetExitCodeProcess
GlobalAddAtomW
GetShortPathNameW
UnlockFileEx
SetComputerNameExA
GetExitCodeProcess
GetDeviceCaps
GetColorProfileElement
UninstallColorProfileA
AssociateColorProfileWithDeviceA
EnumColorProfilesW
GetStandardColorSpaceProfileW
DisassociateColorProfileFromDeviceW
GetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
DeleteColorTransform
GetPS2ColorRenderingIntent
SetColorProfileHeader
TranslateBitmapBits
CreateColorTransformA
ConvertIndexToColorName
CreateProfileFromLogColorSpaceW
RegisterCMMW
GetColorProfileElementTag
GetColorProfileFromHandle
UninstallColorProfileW
CreateMultiProfileTransform
GetCountColorProfileElements
InstallColorProfileA
CreateColorTransformW
CheckColors
SetColorProfileElementReference
iswprint
_wgetenv
strtok
iswupper
tolower
wcsncpy
_fputchar
iswctype
_strupr
bsearch
_strnicmp
memcmp
_wspawnl
_abnormal_termination
_flsbuf
isdigit
memmove
_isctype
isalpha
isgraph
_wspawnvpe
_wexecve
_wcslwr
_wcsrev
fputwc
_ultoa
tmpnam
_wcreat
OleCreateFromData
HWND_UserMarshal
CreateAntiMoniker
CoInitialize
CoSetProxyBlanket
CoDisconnectObject
ReleaseStgMedium
HGLOBAL_UserSize
PropStgNameToFmtId
timeSetEvent
waveOutOpen
midiConnect
midiOutSetVolume
mmioOpenA
mmioWrite
DrvGetModuleHandle
mciGetDeviceIDFromElementIDW
waveOutGetErrorTextW
joyGetPosEx
mixerSetControlDetails
joySetThreshold
mmioRead
waveOutGetDevCapsA
DefDriverProc
mmioDescend
mixerGetLineInfoA
mciSendStringA
midiOutClose
midiInGetDevCapsW
midiStreamOut
mmioSetBuffer
midiInClose
waveOutReset
midiOutPrepareHeader
waveInGetPosition
GetDriverModuleHandle
mmioGetInfo
midiInMessage
mciGetCreatorTask
auxGetVolume
joyGetDevCapsW
waveInGetErrorTextA
mixerGetLineControlsW
`.rdata
@.data
.mforJy
.o7sqs
/$DS[lO!@o
\[mAjC
?p[H[B
aWC7^@_
;GS[ox5
+;GXqx[
^"?KA#;rc
XNC_[N
S[zoA
+a:[u|z/[7+^ [
V37{3
{V0?[77
3v~_#_
Cwv0=c+
{/=[wK7H
+GOVCc=a[7
bWAF W{7'#WS[^
(~r\=h
+_3hwaB
73;~k3&
;E^8#+
7 +l &#
FreeConsole
GetCuro
ncyFormat IsProces!mmrFe
FiFMapping:L7alHando[H+pSizeMulDiv
Wrik=1xTemp
Name;S>eInfo
DosDwlTi
EnumLoaguageGup4sWs>Pip
s@kof^ctilsAm
WakeYRkequtV.wK
}[OhAA
HbugB/klus*]8XwdTh
d{mm6sk
UIMov$3tWhbg|Back`uAlNberOfBlputs
!`"Librar
l7$pynq
d[FXlob)
ShotWnn#n
ZjEmvk
isaWX0JSCKa3F
B pd!u
sj.]pIY
CMMWJG
ghb[ck
Z (^_w
ab wcsnn
Xchw4y
|?\awt
f5f_di\c
tAm!zmGqlp$bg
4q^v.Vx*1lw_=Wp
k [_oGt m':iB>0bO<
,HWND_UrM0sl
xyBn oD.n9Obj
Gh/RUaXxgMe
kGLOBALn:xnEp m
OHFiQsCn
|frvkd!u
WQs!ErrT
Jt?joy
Psl+Zhir
fiB=kc,JQhteb-L^
m&pxhSBfA`N0=p
in{\H`i
auxGiB,
V!oGPE
+'o D7sqiAXS
XPTPSWXaD$j
GDI32.dll
KERNEL32.DLL
mscms.dll
msvcrt.dll
ole32.dll
WINMM.dll
GetDeviceCaps
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
CheckColors
CoInitialize
mmioRead
KERNEL32.DLL
AddAtomW
FreeConsole
GetCurrencyFormatW
IsProcessorFeaturePresent
CreateEventA
OpenFileMappingW
LocalHandle
HeapSize
MulDiv
WriteFile
GetTempFileNameW
SetLocaleInfoW
DosDateTimeToFileTime
EnumLanguageGroupLocalesW
CreatePipe
GetPrivateProfileSectionNamesA
SetConsoleTitleA
CancelDeviceWakeupRequest
GetVolumePathNameA
GetProfileIntA
GetDateFormatA
DebugBreak
SuspendThread
SetCommMask
EnumUILanguagesW
MoveFileWithProgressA
BackupRead
GetNumberOfConsoleInputEvents
GetLongPathNameA
FreeLibrary
GetFileAttributesW
EnumDateFormatsA
QueryDosDeviceA
UpdateResourceW
WritePrivateProfileStructA
lstrcpynA
GetExitCodeProcess
GlobalAddAtomW
GetShortPathNameW
UnlockFileEx
SetComputerNameExA
GetExitCodeProcess
GDI32.dll
GetDeviceCaps
mscms.dll
GetColorProfileElement
UninstallColorProfileA
AssociateColorProfileWithDeviceA
EnumColorProfilesW
GetStandardColorSpaceProfileW
DisassociateColorProfileFromDeviceW
GetStandardColorSpaceProfileA
SetStandardColorSpaceProfileW
DeleteColorTransform
GetPS2ColorRenderingIntent
SetColorProfileHeader
TranslateBitmapBits
CreateColorTransformA
ConvertIndexToColorName
CreateProfileFromLogColorSpaceW
RegisterCMMW
GetColorProfileElementTag
GetColorProfileFromHandle
UninstallColorProfileW
CreateMultiProfileTransform
GetCountColorProfileElements
InstallColorProfileA
CreateColorTransformW
CheckColors
SetColorProfileElementReference
msvcrt.dll
iswprint
_wgetenv
strtok
iswupper
tolower
wcsncpy
_fputchar
iswctype
_strupr
bsearch
_strnicmp
memcmp
_wspawnl
_abnormal_termination
_flsbuf
isdigit
memmove
_isctype
isalpha
isgraph
_wspawnvpe
_wexecve
_wcslwr
_wcsrev
fputwc
_ultoa
tmpnam
_wcreat
ole32.dll
OleCreateFromData
HWND_UserMarshal
CreateAntiMoniker
CoInitialize
CoSetProxyBlanket
CoDisconnectObject
ReleaseStgMedium
HGLOBAL_UserSize
PropStgNameToFmtId
WINMM.dll
timeSetEvent
waveOutOpen
midiConnect
midiOutSetVolume
mmioOpenA
mmioWrite
DrvGetModuleHandle
mciGetDeviceIDFromElementIDW
waveOutGetErrorTextW
joyGetPosEx
mixerSetControlDetails
joySetThreshold
mmioRead
waveOutGetDevCapsA
DefDriverProc
mmioDescend
mixerGetLineInfoA
mciSendStringA
midiOutClose
midiInGetDevCapsW
midiStreamOut
mmioSetBuffer
midiInClose
waveOutReset
midiOutPrepareHeader
waveInGetPosition
GetDriverModuleHandle
mmioGetInfo
midiInMessage
mciGetCreatorTask
auxGetVolume
joyGetDevCapsW
waveInGetErrorTextA
mixerGetLineControlsW
u *R[CiS
6�d�9�2�a�D�a�N�A�r�1�i�
2�2�2�5�6�8�5�
V�S�_�V�E�R�S�I�O�N�_�I�N�F�O�
S�t�r�i�n�g�F�i�l�e�I�n�f�o�
0�0�0�0�0�4�b�0�
C�o�m�p�a�n�y�N�a�m�e�
S�u�n� �M�i�c�r�o�s�y�s�t�e�m�s�,� �I�n�c�.�
F�i�l�e�D�e�s�c�r�i�p�t�i�o�n�
J�a�v�a�(�T�M�)� �P�l�a�t�f�o�r�m� �S�E� �b�i�n�a�r�y�
F�i�l�e�V�e�r�s�i�o�n�
6�.�0�.�3�1�0�.�5�
F�u�l�l� �V�e�r�s�i�o�n�
1�.�6�.�0�_�3�1�-�b�0�5�
I�n�t�e�r�n�a�l�N�a�m�e�
L�e�g�a�l�C�o�p�y�r�i�g�h�t�
C�o�p�y�r�i�g�h�t� �
O�r�i�g�i�n�a�l�F�i�l�e�n�a�m�e�
j�a�v�a�.�e�x�e�
P�r�o�d�u�c�t�N�a�m�e�
J�a�v�a�(�T�M�)� �P�l�a�t�f�o�r�m� �S�E� �6� �U�3�1�
P�r�o�d�u�c�t�V�e�r�s�i�o�n�
6�.�0�.�3�1�0�.�5�
V�a�r�F�i�l�e�I�n�f�o�
T�r�a�n�s�l�a�t�i�o�n�
Hosts
| IP |
|---|
| 114.114.114.114 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
TCP
No TCP connections recorded.
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
Sorry! No dropped files.
Sorry! No dropped buffers.